[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pam_access: LOCAL matches IPv6 address by definition



Hello,

I'm very glad for IPv6 support in pam_access. However I met a problem
that line

-:user:ALL EXCEPT LOCAL

allows logging via IPv6 protocol (PAM_RHOST is something like
2001:abcd::1).

According manual page the LOCAL keyword matches all tokens without '.'
(dot) character. The motivation is clear: domain names and IPv4
addresses contains dot, so local logins (from console or local X11
display) can be matched. Accidently, "new" IP protocol has addresses
without dots. So, rigid semantic and human interception don't align.

Thus, I ask: Should we change the dot rule or should we add remarks to
documentation about it?

-- Petr



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]